Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2980

Overview

Vulnerability Score 7.1 7.1
CVE Id CVE-2012-2980
Last Modified 21 Aug 2012 12:00:00
Published 21 Aug 2012 06:46:10
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2980

Summary

The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages.

Vulnerable Systems


References

CERT-VN - VU#251635

CONFIRM - http://www.kb.cert.org/vuls/id/MAPG-8R5LD6

MISC - http://www.htc.com/www/help/app-security-fix/


Last Updated: 27 May 2016 10:58:24